There has been a lot of attention on the data Facebook is collecting from its users following this weekend’s revelations that Trump campaign-linked Cambridge Analytica siphoned private data from 50 million Facebook users to target them for political campaigns. So what data did Cambridge Analytica actually get its hands on, who else has access to this data, and what can Facebook users do to protect themselves? Check out our primer to find out.
What’s the deal with the Cambridge Analytica data? Cambridge Analytica is a data mining and targeting company that at one point counted Steve Bannon among its board members. It has done work for Ted Cruz’s and Donald Trump’s presidential campaigns, and struck a partnership with an outside researcher in 2014 to get its hands on Facebook user data. To to so, the researcher built a simple survey app, and then paid users small amounts of money to install the app on Facebook and answer the survey.
270,000 users did so, and in turn allowed the app to not only download their own Facebook likes and profile information, but also similar data from users they were connected to. Altogether, Cambridge Analytica and its partner were able to gather data on 50 million U.S.-based Facebook users this way. Combined with data from other public sources, the company was able to assemble what it calls “psychographic profiles,” designed to determine what kind of political messaging users were susceptible to.
Facebook learned of this all the way back in 2015, and at the time demanded that the researcher and Cambridge Analytica delete the data. Cambridge Analytica said it did, but the New York Times reported that the data still exists on the company’s servers.
Isn’t that illegal? That’s still to be determined. Facebook says that Cambridge Analytica violated its policies. Several U.S. attorney generals and federal regulators have also begun to look into whether Facebook has violated any laws or regulations, including a 2011 federal consent decree governing privacy protections for Facebook user data.
Does Cambridge Analytica have my data? Did you download and use a personality test called “thisisyourdigitallife” on Facebook back in 2014? Then yes, Cambridge Analytica had your data at one point, and may very well still have it. It’s much harder to determine if one of your friends did so, and that way gave the company a chance to access your data as well. Facebook did at one point release a tool to let users test whether they interacted with Russian propaganda on its platform leading up to the 2016 election, but there is no word on whether the company will do the same this time around.
Could this happen again? Not in this exact way. Cambridge Analytica’s research partner made use of Facebook policies that allowed apps to access huge amounts of data from users’ friends who hadn’t consented to share this type of data with third parties. These policies were changed in 2015. However, apps can still coax users to give up lots of their own data.
What can I do keep my data safe on Facebook? One easy first step to prevent similar data exposures is to review the apps you have accessed on Facebook, which can be done on the service’s third-party app settings page. There, you’ll find the apps that you have granted access to your Facebook data, most likely when you signed up for their services and didn’t want to bother with manually entering all kinds of personal information.
A good rule of thumb is to delete all the apps that you don’t recognize, or don’t feel comfortable with having access to your Facebook data. Just be aware that this may result in having to reset your password or edit your account settings the next time you use those apps on your phone, or visit their website.
Alternatively, you can edit the permissions for individual apps, and for example decide that a certain app shouldn’t have access to your friends list, even if you have granted this in the past. And in the future, consider signing up for a third-party service just with your email address instead of giving it access to your Facebook account, or review app permissions closely at sign-up.
Also pay attention to the “apps others use” category on the same page. Here, you can decide which of your data third-party apps installed by your Facebook friends can access. And finally, you can even disable all third-party app access under the “Apps, Websites and Plug-ins” section by turning platform use off. However, chances are that a bunch of apps you may be using on your phone won’t work anymore until you find an alternative login method. Some apps may even refuse to work at all.
I’ve reviewed my app settings. Now I’m fine, right? If it only was that easy. Cambridge Analytica promised its clients very specific pshychological targeting for their campaigns, which included information on whether they’d be susceptible to fear-based messaging. There are some doubts about whether this actually worked. However, more traditional targeting is a key component of online advertising, and Facebook is really good at it, collecting tons of data on its users to help its advertisers fine-tune their messaging. The company is even tracking users when they are visiting other websites, which is why you’ll see ads on Facebook that match your latest online shopping binge.
To control which information Facebook collects on you for ad targeting purposes, go to Facebook’s ad preferences page. There, you’ll be able to review the things Facebook thinks you are interested in, as well as the categories that Facebook uses for broad targeting. Tweaking these may make ads more or less relevant, but won’t change the information Facebook collects on you.
To rein in Facebook’s data collection on third-party websites, select “Ads based on your use of websites and apps” and turn the switch to off. You can also opt out of using the things it knows about you to display targeted ads on third-party websites and apps under “Ads on apps and websites off of the Facebook Companies.”
What if I want to delete Facebook altogether? That’s certainly possible as well. Facebook gives users two options for this: deactivating the account, which comes with the possibility to reactivate it at a later point, or permanently deleting it. Links to both options, and an explanation of the differences, can be found here.